[Openid-specs-ab] Limiting a login request to a specific user
Michael.Jones at microsoft.com
Mon Sep 22 22:26:18 UTC 2014
We have a use case in which we want to limit the login to the user specified via the login_hint and not allow the user to sign in as a different user. How would you suggest expressing that requirement? For instance, should we invent a new request parameter such as "this_user=true" (which could be used in combination with login_hint or id_token_hint)? Or might a "prompt" parameter value such as "prompt=this_user" be appropriate? Or would that possibly conflict with other uses of "prompt"?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab